Abstract
In large scale deployments of partly autonomously communicating and connecting network elements, such as the Internet of Things and machine-to-machine devices, trust issues have new qualities. Concurrently, end-user devices are technically open platforms, and also pose security threats on a large scale to users and networks. Thus, fault detection and remediation methods become costly. It is a key challenge to balance the requirements of scalability and cost-effectiveness with desired fine-grained checks and remote remediation. Current technologies, such as Trusted Computing Group’s Trusted Network Connect and Open Mobile Alliance’s Device Management Standards, may not be an ideal fit to the requirements. Extensions like property-based attestation (PBA) are promising, but may require special infrastructure and/or further standardization. We consider an architecture for Platform Validation and Management (PVM) in which designated network entities protect the access network by remotely validating devices before they are allowed to authenticate and gain access. We propose methods to diagnose devices with a granularity which allows also attachment even with partial functionality and methods to remediate faulty devices remotely, i.e., bring them back into a known good state. This approach requires some separation of tasks between network PVM entities and trusted functionalities on devices [1, 2]. Our generic and efficient approach to PVM, rests on three key ingredients:
First, A trusted platform architecture allowing separation of the system in a Secure Execution Environment (SEE) and a Normal Execution Environment (NEE). The system is capable of performing a secure start-up (bootstrap) process anchored in a Root of Trust (RoT) and building a chain of trust from the RoT to SEE to NEE, verifying start-up, particularly started components against Trusted Reference Values (TRVs). This is an abstraction of the Trusted Computing Group’s MPWG (Mobile Phone WG) Platform Architecture, which may be mapped to many different, concrete architectures.
This is a preview of subscription content, log in via an institution to check access.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
References
Schmidt, A.U., Cha, I., Shah, Y., Leicher, A., Meyerstein, M.: Trust in M2M Communications. IEEE Vehicular Technology Magazine 4(3), 69–75 (2009)
Schmidt, A.U., Cha, I., Shah, Y., Leicher, A.: Trusted Platform Validation and Management. International Journal of Dependable and Trustworthy Information Systems (IJDTIS) 1(2), 1–31 (2010)
Schmidt, A.U., Leicher, A., Shah, Y., Cha, I.: Tree-formed Verification Data for Trusted Platforms, http://arxiv.org/abs/1007.0642v3
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2012 ICST Institute for Computer Science, Social Informatics and Telecommunications Engineering
About this paper
Cite this paper
Leicher, A., Schmidt, A.U., Shah, Y. (2012). Scalable Trust Assessment and Remediation of Wireless Devices. In: Schmidt, A.U., Russello, G., Krontiris, I., Lian, S. (eds) Security and Privacy in Mobile Information and Communication Systems. MobiSec 2012. Lecture Notes of the Institute for Computer Sciences, Social Informatics and Telecommunications Engineering, vol 107. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-33392-7_7
Download citation
DOI: https://doi.org/10.1007/978-3-642-33392-7_7
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-33391-0
Online ISBN: 978-3-642-33392-7
eBook Packages: Computer ScienceComputer Science (R0)